Apache.Struts.XSS
Description
This indicates attack attempts against multiple Persistence Cross Site Scripting vulnerabilities in Apache Struct framework.
The vulnerabilities is caused because the vulnerable application fails to sanitise user-supplied input. Successful attacks may allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application.
Affected Products
Apache struts 2.2.3 and prior.
Impact
System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.
Recommended Actions
Upgrade to the latest version, available from the web site.
http://struts.apache.org/download.cgi
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |